Possible bug in ocserv-worker http header parsing

Konstantin M. Khankin khankin.konstantin at gmail.com
Fri Jan 6 12:19:38 PST 2017


Hi!

I've just installed and configured ocserv on my CentOS box:
ocserv-0.11.6-1.el7.x86_64
http-parser-2.7.1-3.el7.x86_64

I'm using the openconnect client from Ubuntu:
OpenConnect version v5.02
Using GnuTLS. Features present: PKCS#11, TOTP software token, DTLS
(using OpenSSL)

Trying to establish connection:
$ openconnect -vvv <HOST> --cafile=<FILE> --no-xmlpost
GET https://<HOST>/
Attempting to connect to server <ADDRESS>
SSL negotiation with <HOST>
Connected to HTTPS on <HOST>
Failed to read from SSL socket: A TLS packet with unexpected length was received.
Error fetching HTTPS response
Failed to obtain WebVPN cookie

I checked with Wireshark that the TLS handshake happens correctly and ran
ocserv in the foreground with debugging. I saw the following:
ocserv[6554]: TLS[<5>]: REC[0x7f98e90d7df0]: Received Packet Application Data(23) with length: 176
ocserv[6554]: TLS[<5>]: REC[0x7f98e90d7df0]: Decrypted Packet[1] Application Data(23) with length: 147
ocserv[6554]: worker: <CLIENT IP> HTTP processing: : Host
ocserv[6554]: worker: <CLIENT IP> HTTP processing: : HostUser-Agent
ocserv[6554]: worker: <CLIENT IP> HTTP processing: : HostUser-AgentAccept
ocserv[6554]: worker: <CLIENT IP> HTTP processing: : HostUser-AgentAcceptAccept-Encoding
ocserv[6554]: worker: <CLIENT IP> HTTP processing: : HostUser-AgentAcceptAccept-EncodingX-Transcend-Version
ocserv[6550]: main: <CLIENT IP> worker terminated
ocserv[6550]: main: <CLIENT IP> user disconnected (reason: unspecified, rx: 0, tx: 0)

ocserv-worker dies after it tries to parse the HTTP header. Given that
header options are being concatenated in the debug output, I'm not sure if
it's just a bug in the debug output or the options are parsed wrong.

Could you please have a look?

Thanks!

-- 
Khankin Konstantin


